Hi,

thanks to everybody for your answers.

On 04 Jan 2013, at 18:12, Kris Deugau <kdeu...@vianet.ca> wrote:
> 
> Mmmm, the problem the OP was asking about is "how do I make sure that
> only the specific URIBLs I want are active, no matter what may be added
> upstream?".
> 
> IIRC this was asked a while ago but I don't recall any answer better
> than "watch the updates closely and disable any new ones when you see
> them".  I think the reasoning was that new DNSBLs are not casually added
> the way new regex or non-DNS rules are, and there's usually some warning on
> the users and/or dev lists, so you can preemptively add "score NEW_URIBL
> 0" to your local.cf or local rules channel.

Yes, that's exactly my problem, and unfortunately this is the only solution I 
came up with, too.
The introduction of symbolic name wildcards here would be of great help. Has 
this ever been considered?
One could set one line as:

score URIBL_* 0

and add specific scores for desired lists after that.
This would imply the definition of a standard naming for rules, but as far as I 
can see that's quite in place already.


> If you're redefining the tests anyway (to use local datafeed versions of
> any given URIBL) I would recommend putting them in a custom local TLD
> that won't resolve globally, to make sure you really *are* using your
> local copies.
> 
> -kgd

I have a local bind on each MTA, which acts as a cache and forwards queries to 
another bind on our LAN, which in turn forwards to rbldnsd (updated daily from 
datafeed services).
We'll consider the local TLD as a further measure.

One slightly OT question: as far as postfix is concerned, how could it help 
with checks against URIDNSBLs? I'm not aware of any method to make postfix scan 
the body of the message and look for URIs. At best, postfix can query DNSBLs 
using client IPs and envelope sender/recipient domains, but that's out of the 
scope of my need…am I missing something?

Thanks to everyone for your help!

Fabio
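
An added example, not part of the original thread: one way to automate the "watch the updates and disable new ones" workaround, by finding URIBL rules through the URIDNSBL plugin's rule-defining directives rather than by name, emitting `score NAME 0` lines for anything not explicitly wanted, and flagging wanted rules that do not query a local-only zone. The rule names, zones and the `.uribl.internal` suffix are constructed placeholders.

```python
import re

# Rule-defining directives of SpamAssassin's URIDNSBL plugin.
URIBL_DIRECTIVE = re.compile(
    r"^\s*(?:uridnsbl|uridnssub|urirhsbl|urirhssub|urinsrhsbl|urinsrhssub"
    r"|urifullnsrhsbl|urifullnsrhssub)\s+(\w+)\s+(\S+)"
)

# Constructed sample standing in for the concatenated *.cf files after an update.
SAMPLE_CF = """\
ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
urirhssub  URIBL_EXAMPLE_A    a.uribl.internal.  A  2
  uridnsbl URIBL_EXAMPLE_B    uribl-b.example.   TXT
urirhsbl   URIBL_EXAMPLE_NEW  uribl-new.example. A   # appeared upstream
# urirhsbl URIBL_COMMENTED    old.example.       A
body       NOT_A_URIBL        /test/
endif
"""

def uribl_rules(cf_text):
    """Map rule name -> queried DNS zone for every URIBL rule in cf_text."""
    rules = {}
    for line in cf_text.splitlines():
        m = URIBL_DIRECTIVE.match(line.split("#", 1)[0])  # ignore comments
        if m:
            rules[m.group(1)] = m.group(2)
    return rules

def zero_scores(cf_text, wanted):
    """local.cf lines that disable every URIBL rule not explicitly wanted."""
    return [f"score {n} 0" for n in sorted(uribl_rules(cf_text)) if n not in wanted]

def not_local(cf_text, wanted, local_suffix):
    """Wanted rules whose zone is outside the local-only TLD (assumed suffix)."""
    rules = uribl_rules(cf_text)
    return sorted(n for n in wanted
                  if n in rules and not rules[n].rstrip(".").endswith(local_suffix))

if __name__ == "__main__":
    wanted = {"URIBL_EXAMPLE_A", "URIBL_EXAMPLE_B"}
    print("\n".join(zero_scores(SAMPLE_CF, wanted)))
    print("still querying public zones:", not_local(SAMPLE_CF, wanted, ".uribl.internal"))
```

Run over the rule files after each update, the generated lines can be written to a local `.cf` file that is loaded after the stock rules.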
